Total CVEs

144,294

Critical Severity

4,165

High Severity

14,995

Last 7 Days

1,580
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 4,061 - 4,080 of 40,699 CVEs
CVE-2026-48802 HIGH - 7.5

python-engineio has unbound thread allocation that can cause denial of service

Vendor: pip
Product: python-engineio
Published: Jun 26, 2026
Source: GitHub
CVE-2026-48809 HIGH - 7.5

python-engineio has possible denial of service due to maximum payload size sometimes not being enforced

Vendor: pip
Product: python-engineio
Published: Jun 26, 2026
Source: GitHub

LinkifyIt#match scan loop has quadratic algorithmic complexity

Vendor: npm
Product: linkify-it
Published: Jun 26, 2026
Source: GitHub
CVE-2026-48790 MEDIUM - 5.5

turso-cli persists Turso platform JWT with world-readable (0o644) file permissions

Vendor: go
Product: github.com/tursodatabase/turso-cli
Published: Jun 26, 2026
Source: GitHub
CVE-2026-41262 MEDIUM - 4.3

Fleet DM Vulnerable to Cross-Team Policy Data Exposure via Global Policy Read Endpoint

Vendor: go
Product: github.com/fleetdm/fleet/v4
Published: Jun 26, 2026
Source: GitHub
CVE-2026-55838 MEDIUM - 4.3

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. Every other admin handler in the codebase calls validate_admin_request to enfo...

Vendor: rustfs
Product: rustfs
Published: Jun 26, 2026
Source: NVD
CVE-2026-55189 HIGH - 7.7

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read and probe handlers dispatch directly to the storage backend without ever calling the IAM authorization function that the FTP write/list handlers (and the...

Vendor: rustfs
Product: rustfs
Published: Jun 26, 2026
Source: NVD
CVE-2026-55188 HIGH - 8.2

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHandler handler for listing remote replication targets only checks whether request credentials exist, b...

Vendor: rustfs
Product: rustfs
Published: Jun 26, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for debugfs directory naming Use pci_name(pdev) for the per-device debugfs directory instead of hardcoded "0" for PFs and pci_slot_name(pdev->slot) for VFs. The previous approach had two issu...

Vendor: Linux
Product: Linux
Published: Jun 26, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops DSA replaces the conduit (master) device's ethtool_ops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lo...

Vendor: Linux
Product: Linux
Published: Jun 26, 2026
Source: NVD
CVE-2026-53322 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfio_pci_core_close_device() call vfio_pci_dma_buf_cleanup() before the function is disabled via vfio_pci_core_disable(). This ensures that all access ...

Vendor: Linux
Product: Linux
Published: Jun 26, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: io_uring/napi: cap busy_poll_to 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no ...

Vendor: Linux
Product: Linux
Published: Jun 26, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty() nilfs_ioctl_mark_blocks_dirty() uses bd_oblocknr to detect dead blocks by comparing it with the current block number bd_blocknr. If they differ, the block is consi...

Vendor: Linux
Product: Linux
Published: Jun 26, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default() wbt_init_enable_default() uses WARN_ON_ONCE to check for failures from wbt_alloc() and wbt_init(). However, both are expected failure paths: - wbt_alloc() can return NUL...

Vendor: Linux
Product: Linux
Published: Jun 26, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr() Move the NULL check for 'sta' before dereferencing it to prevent a possible crash.

Vendor: Linux
Product: Linux
Published: Jun 26, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: Place upper limit on station AID Any station configured with an AID over 20 causes a firmware crash. This situation occurred in our testing using an AP interface on 7922 hardware, with a modified hostapd, sourc...

Vendor: Linux
Product: Linux
Published: Jun 26, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected() Fixes a NULL pointer dereference when ras_core is NULL and ras_core->dev is accessed in the error path. Reported by: Dan Carpenter <dan.carpenter@linaro.org&g...

Vendor: Linux
Product: Linux
Published: Jun 26, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in ras_core_get_utc_second_timestamp() ras_core_get_utc_second_timestamp() retrieves the current UTC timestamp (in seconds since the Unix epoch) through a platform-specific RAS system callback and is us...

Vendor: Linux
Product: Linux
Published: Jun 26, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: padata: Put CPU offline callback in ONLINE section to allow failure syzbot reported the following warning: DEAD callback error for CPU1 WARNING: kernel/cpu.c:1463 at _cpu_down+0x759/0x1020 kernel/cpu.c:1463, CPU#0: syz.0....

Vendor: Linux
Product: Linux
Published: Jun 26, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths In dc_dmub_srv_log_diagnostic_data() and dc_dmub_srv_enable_dpia_trace(). Both functions check: if (!dc_dmub_srv || !dc_dmub_srv->dmub) and then call DC_LO...

Vendor: Linux
Product: Linux
Published: Jun 26, 2026
Source: NVD